Syncthing: Difference between revisions
Cleanup |
added instruction for creating a password hash |
||
(4 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
[https://syncthing.net Syncthing] is a decentralized file synchronization service. You can use it to safely sync all files in a folder between different desktops/servers. | [https://syncthing.net Syncthing] is a decentralized file synchronization service. You can use it to safely sync all files in a folder between different desktops/servers. | ||
== Setup == | == Setup == | ||
To enable Syncthing, add following to your system configuration: | To enable Syncthing, add the following to your system configuration: | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
Line 7: | Line 7: | ||
enable = true; | enable = true; | ||
openDefaultPorts = true; | openDefaultPorts = true; | ||
# Optional: GUI credentials (can be set in the browser instead if you don't want plaintext credentials in your configuration.nix file) | |||
# or the password hash can be generated with "syncthing generate --config <path> --gui-password=<password>" | |||
settings.gui = { | settings.gui = { | ||
user = "myuser"; | user = "myuser"; | ||
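Review bot: the new comment above `settings.gui` points to `syncthing generate --config <path> --gui-password=<password>` but does not say where the generated hash ends up, or that it is meant to replace the plaintext value in the `password` field. Spell that out in the comment. Passing the password as a command-line argument also leaves it in shell history and in the process list while the command runs, which the comment should mention.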
Line 14: | Line 16: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
You can confirm Syncthing runs by visiting http://127.0.0.1:8384/ and | You can confirm Syncthing runs by visiting http://127.0.0.1:8384/ and authenticating using the credentials above. | ||
== Configuration == | == Configuration == | ||
=== Sync folders and trusted remote hosts === | |||
The following configuration will trust the remote hosts <code>device1</code> and <code>device2</code> by adding their <code>id</code>s. The shares <code>Documents</code> and <code>Example</code> are added to the local node, defined by their local file paths and list of allowed devices.<syntaxhighlight lang="nix"> | |||
services.syncthing = { | |||
settings = { | |||
devices = { | |||
"device1" = { id = "DEVICE-ID-GOES-HERE"; }; | |||
<syntaxhighlight lang="nix"> | "device2" = { id = "DEVICE-ID-GOES-HERE"; }; | ||
services = { | }; | ||
folders = { | |||
"Documents" = { | |||
path = "/home/myusername/Documents"; | |||
devices = [ "device1" "device2" ]; | |||
}; | }; | ||
"Example" = { | |||
path = "/home/myusername/Example"; | |||
devices = [ "device1" ]; | |||
# By default, Syncthing doesn't sync file permissions. This line enables it for this folder. | |||
ignorePerms = false; | |||
}; | }; | ||
}; | }; | ||
}; | }; | ||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Declarative node IDs === | === Declarative node IDs === | ||
If you set up Syncthing with the above configuration, you will still need to manually accept the connection from your other devices. If you want to make this automatic, you must also set the key.pem and cert.pem options: | If you set up Syncthing with the above configuration, you will still need to manually accept the connection from your other devices. If you want to make this automatic, you must also set the key.pem and cert.pem options: | ||
Line 82: | Line 57: | ||
To generate a new key.cert and key.pem for a deployment, you can use the -generate argument: | To generate a new key.cert and key.pem for a deployment, you can use the -generate argument: | ||
<syntaxhighlight lang="bash">$ nix-shell -p syncthing --run "syncthing - | <syntaxhighlight lang="bash">$ nix-shell -p syncthing --run "syncthing generate --config myconfig/" | ||
2024/04/23 11:41:17 INFO: Generating ECDSA key and certificate for syncthing... | 2024/04/23 11:41:17 INFO: Generating ECDSA key and certificate for syncthing... | ||
2024/04/23 11:41:17 INFO: Device ID: DMWVMM6-MKEQVB4-I4UZTRH-5A6E24O-XHQTL3K-AAI5R5L-MXNMUGX-QTGRHQ2 | 2024/04/23 11:41:17 INFO: Device ID: DMWVMM6-MKEQVB4-I4UZTRH-5A6E24O-XHQTL3K-AAI5R5L-MXNMUGX-QTGRHQ2 | ||
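Review bot: the sentence introducing this command was left unchanged and still says "key.cert" and "the -generate argument", while the updated command is `syncthing generate --config myconfig/` and the files it produces are cert.pem and key.pem. Update the sentence to name cert.pem and the `generate` subcommand so it matches the command and the `ls` output.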
Line 89: | Line 64: | ||
cert.pem config.xml key.pem</syntaxhighlight> | cert.pem config.xml key.pem</syntaxhighlight> | ||
== Disable default sync folder == | == Tips and tricks == | ||
=== Disable default sync folder === | |||
Syncthing creates a 'Sync' folder in your home directory every time it regenerates a configuration, even if your declarative configuration does not have this folder. You can disable that by setting the STNODEFAULTFOLDER environment variable: | Syncthing creates a 'Sync' folder in your home directory every time it regenerates a configuration, even if your declarative configuration does not have this folder. You can disable that by setting the STNODEFAULTFOLDER environment variable: | ||
<syntaxhighlight lang="nix">systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder</syntaxhighlight> | <syntaxhighlight lang="nix">systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder</syntaxhighlight> | ||
== | == See also == | ||
https://github.com/nix-community/home-manager/blob/master/modules/services/syncthing.nix | * Home-Manager service https://github.com/nix-community/home-manager/blob/master/modules/services/syncthing.nix | ||
[[Category: Applications]] | [[Category: Applications]] | ||
[[Category:Web Applications]] |
Latest revision as of 11:04, 23 February 2025
Syncthing is a decentralized file synchronization service. You can use it to safely sync all files in a folder between different desktops/servers.
Setup
To enable Syncthing, add the following to your system configuration:
services.syncthing = {
  enable = true;
  openDefaultPorts = true;
  # Optional: GUI credentials (can be set in the browser instead if you don't want plaintext credentials in your configuration.nix file)
  # or the password hash can be generated with "syncthing generate --config <path> --gui-password=<password>"
  settings.gui = {
    user = "myuser";
    password = "mypassword";
  };
};
You can confirm Syncthing runs by visiting http://127.0.0.1:8384/ and authenticating using the credentials above.
Configuration
Sync folders and trusted remote hosts
The following configuration will trust the remote hosts device1 and device2 by adding their ids. The shares Documents and Example are added to the local node, defined by their local file paths and list of allowed devices.
services.syncthing = {
  settings = {
    devices = {
      "device1" = { id = "DEVICE-ID-GOES-HERE"; };
      "device2" = { id = "DEVICE-ID-GOES-HERE"; };
    };
    folders = {
      "Documents" = {
        path = "/home/myusername/Documents";
        devices = [ "device1" "device2" ];
      };
      "Example" = {
        path = "/home/myusername/Example";
        devices = [ "device1" ];
        # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
        ignorePerms = false;
      };
    };
  };
};
Declarative node IDs
If you set up Syncthing with the above configuration, you will still need to manually accept the connection from your other devices. If you want to make this automatic, you must also set the key and cert options to your key.pem and cert.pem files:
services = {
  syncthing = {
    key = "${</path/to/key.pem>}";
    cert = "${</path/to/cert.pem>}";
    # Remaining Syncthing options go here
    ...
  };
};
This will ensure your node has a stable ID.
You can optionally include the key.pem and cert.pem files in the NixOS configuration using a tool like sops-nix. See Comparison of secret managing schemes.
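One way to wire this up with sops-nix, as an added example that is not part of the original wiki page. Interpolating a path literal such as "${./key.pem}" into a string copies the file into the world-readable Nix store, which is what the sops-nix route avoids. The example assumes the sops-nix NixOS module is already imported; the file name secrets/syncthing.yaml and the secret names "syncthing/key" and "syncthing/cert" are hypothetical.

```nix
{ config, ... }:
{
  # Hypothetical sops-encrypted file holding both PEM files under
  #   syncthing:
  #     key:  <contents of key.pem>
  #     cert: <contents of cert.pem>
  sops.defaultSopsFile = ./secrets/syncthing.yaml;

  # Decrypted at activation time, readable only by the Syncthing user.
  sops.secrets."syncthing/key" = {
    owner = config.services.syncthing.user;
    mode = "0400";
  };
  sops.secrets."syncthing/cert" = {
    owner = config.services.syncthing.user;
    mode = "0400";
  };

  services.syncthing = {
    enable = true;
    # Runtime paths to the decrypted files. Only the encrypted YAML
    # ends up in the Nix store, never the private key itself.
    key = config.sops.secrets."syncthing/key".path;
    cert = config.sops.secrets."syncthing/cert".path;
  };
}
```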
To generate a new cert.pem and key.pem for a deployment, you can use the generate subcommand:
$ nix-shell -p syncthing --run "syncthing generate --config myconfig/"
2024/04/23 11:41:17 INFO: Generating ECDSA key and certificate for syncthing...
2024/04/23 11:41:17 INFO: Device ID: DMWVMM6-MKEQVB4-I4UZTRH-5A6E24O-XHQTL3K-AAI5R5L-MXNMUGX-QTGRHQ2
2024/04/23 11:41:17 INFO: Default folder created and/or linked to new config
$ ls myconfig/
cert.pem config.xml key.pem
Tips and tricks
Disable default sync folder
Syncthing creates a 'Sync' folder in your home directory every time it regenerates a configuration, even if your declarative configuration does not have this folder. You can disable that by setting the STNODEFAULTFOLDER environment variable:
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder